etcd-io/etcd
1
0
Fork 0
mirror of https://github.com/etcd-io/etcd.git synced 2026-02-05 06:46:49 +01:00
Code Issues Releases Activity
Files
main
etcd/hack/tls-setup
History
dongjiang 6960014f36 Update ca-csr.json 
Signed-off-by: dongjiang <dongjiang1989@126.com>
2025-09-18 10:40:03 +08:00
..
config
Update ca-csr.json
2025-09-18 10:40:03 +08:00
Makefile
Update cert generation Makefile to include configurable IP addresses
2021-03-11 11:59:03 -08:00
Procfile
*: scrub legacy ports from code and scripts
2016-05-11 13:46:30 -07:00
README.md
hack,scripts: rename "master" branch references to "main"
2021-05-12 10:40:28 -07:00

README.md

This demonstrates using Cloudflare's cfssl to easily generate certificates for an etcd cluster.

Defaults generate an ECDSA-384 root and leaf certificates for localhost. etcd nodes will use the same certificates for both sides of mutual authentication, but won't require client certs for non-peer clients.

Instructions

  1. Install git, go, and make
  2. Amend https://github.com/etcd-io/etcd/blob/main/hack/tls-setup/config/req-csr.json - IP's currently in the config should be replaced/added with IP addresses of each cluster node, please note 127.0.0.1 is always required for loopback purposes:
Example:
{
  "CN": "etcd",
  "hosts": [
    "3.8.121.201",
    "46.4.19.20",
    "127.0.0.1"
  ],
  "key": {
    "algo": "ecdsa",
    "size": 384
  },
  "names": [
    {
      "O": "autogenerated",
      "OU": "etcd cluster",
      "L": "the internet"
    }
  ]
}
  1. Set the following environment variables subsituting your IP address:
export infra0={IP-0}
export infra1={IP-1}
export infra2={IP-2}
  1. Run make to generate the certs
View Git Blame Copy Permalink